Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Basics
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Basics If you are new to ASP or ASP.NET programming with version 2.0, this is the forum to begin asking questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old November 17th, 2006, 10:06 AM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default ASPNET account for ASPNET.MDF DB-Please help

I have done alot of research on this--and so many people have different advice for this--but I am wondering if I am getting stuck on terminology. Basically, I use Visual Studio and can use user/login features via going through the app within Visual Studio that creates the ASPNET.MDF file and set users and roles up.

My problem is when I copy into my INETPUB directory-or, I have even tried deleting the ASPNET.MDF file I copied and recreate it in the INETPUT directory by using Visual Studio to "open website" and point it to my app in the INETPUB folder. I am hosting my own site and try connecting via typing "Localhost" in my browser and I get the infamous "cannot login the localhost/ASPNET account" error.

My connection string has been changed so that userinstance and the other configuration (typically set to SSPI--can't remember it right now) is set to True.

I think my problem is maybe with my understanding of SQLSERVER EXPRESS? All the articles I have read state to allow ASPNET account for the DB (I am using IIS 5.0). My questions are this:

a) Do I have to create an ASPNET "login" or should that alrady be there?
b) If I have to create it---I can create a simple login for a user--is there something special about creating this ASPNET "login"? I am hoping this isnt the issue, becaue I actually tried creating an ASPNET login and it wouldn't work.
c) How do I get the ASPNET login created? I tried installing the .NET 2.0 redistrib package--but that didn't do it.
d) I assume once I have a "login" then I go into security for the aspnet.mdf db and add the "login" as a user. When I try adding the ASPNET as a user, I don't see it in the list-unless I manually entered it via creating a user but not sure if I should be doing this or if it should already be a login.

If there is a tutorial out there somewhere on how to set up the ASPNET account that someone could point me to, I'd really appreciate it.

Kind Regards,
Rob Searing
Reply With Quote
  #2 (permalink)  
Old November 18th, 2006, 08:52 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Please help...I have been researching this for days.

Current config:

web.config=

<connectionStrings>
     <remove name="LocalSqlServer" />
     <add name="LocalSqlServer" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirector y|\aspnetdb.mdf;Integrated Security=True;User Instance=True"
      providerName="System.Data.SqlClient" />
  </connectionStrings>

I have gone in and created, manually, an localhost/aspnet login. I have gone in, attached the aspnetdb.mdf db then gone in and given security rights as a user to the above and given ALL rights to the DB.

I have gone in and right clicked on the app_Data folder and given it security rights to the aspnet user.

I keep getting Cannot open user default database. Login failed.
Login failed for user 'PHANTOMLAP\ASPNET'.

What am I doing wrong?? I am using IIS 5.1.

Regards,
Rob

Reply With Quote
  #3 (permalink)  
Old November 19th, 2006, 07:18 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Rob,

It looks like you're mixing up concepts.
SQL Server Express allows you to attach databases on the fly at run-time with the AttachDbFilename in the connection string. You then need to grant permissions to the App_Code folder for the ASPNET account (it should be there; on the Security tab click Add, then type ASPNET (without the dot) en click OK. The account should be added to the list, or your installation is broken).

Alternatively, you attach databases to SQL Server manually, either to an Express edition or a full version. When the database has already been attached, SQL manages the users, so you'll need to create an account in SQL Server and grant it permissions to your database.

In your case, it looks like it's mixed up. You don't "go in, attach the aspnetdb.mdf db then go in and given security rights as a user" to a database that's to be attached on the fly.

So, here's what you could do:

1. Take a deep breath
2. Backup the App_Code folder
3. Go to SQL Server and *delete* the relevant database, user accounts and so on. This way, you can start out clean.
4. Then copy the database back in the App_Code folder and try again, without changing anything in SQL Server.

Alternatively, change your connection string, so it no longer tries to attach at run-time. Use a "proper" connection string (from www.connectionstrings.com).

I recently wrote an article that explains all of this in great detail. Take a look here: http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=395 I think you should read all of it to get familiar with the terminology, then look at Scenario 2 for more details about your situation.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
Reply With Quote
  #4 (permalink)  
Old November 19th, 2006, 08:24 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

FINALLY -- IT WORKED!!! THANK YOU SO MUCH. You really have no idea...

The only thing that I could use some help with is this--I was able to test the logon feature--and it worked--I got surprised so I went into VStudio and into the app they have (forget the name) that allows you to create roles / users, etc. I went in and created some roles and assigned them to users and set a rule up for an admin folder. When I went to test I got an error with the '/' app. I assume this is because some process was still using the aspnetdb file? (When I restarted, I was able to get it to work).

Second--I almost was nervous, as it didn't work at first--in fact I got the same "aspnet account cannot access" error--until I went into the connectionstring and changed sspi to true. What did changing that fix?

Thirdly--why wouldn't this work when I manually went in and attached the aspnetdb file--added the ASPNET account and then detached. I always detached....but something about me adding the account was messing it up.

LASTLY--Is there a control, or a way you could suggest, so that after I get this up and running for the Knights, that I can assign members to roles via the app--rather than having to go through visual studio app? I can create a user via the control--I assume there is some line of code that I could add as an action to a customer button to "make this person a particular role"?

Imar--you are a godsend! I mean that. I spent days and days trying to get an answer to this.

(quick add)
I'm not sure if this is related. Although the login seems to work...I wanted to hide certain nodes in my sitemap that correspond to the admin. I add "roles=role" to try to limit it (see my sitemap below)..but that isn't working. I also tried moving the "roles=" to the end of the tag..didn't work..I see them when I start up the app.

<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode title="Home" description="Homepage" url="~/Default.aspx">
    <siteMapNode title="About Us" description="About" url="~/Default2.aspx"/>
    <siteMapNode title="Pics" description="pics" url="~/pics.aspx"/>
    <siteMapNode title="Events" description="events" url="~/events.aspx"/>
    <siteMapNode title="Council" description="council" url="~/council.aspx"/>
    <siteMapNode title="Login" description="login" url="~/login.aspx"/>
    <siteMapNode roles="Admin" title="Admin" description = "Admin" url="~/Admin/admintest.aspx">
     <siteMapNode roles="Admin" title="Add Member" description = "Add Member"

url="~/addmember.aspx"/>
     <siteMapNode roles="Admin" title="Add Pics" descsription = "Add Pics" url="~/addpics.aspx"/>
     <siteMapNode roles="Admin" title="Add Events" description = "Add Events"

url="~/addevents.aspx"/>
    </siteMapNode>
</siteMapNode>
</siteMap>

Consequently--it seems odd that the rules for roles to limit access to a folder would be:

<authorization>
        <allow roles="Admin" />
            <deny users="*" />
</authorization>

Does this seem right?


Kind Regards,
Rob
Reply With Quote
  #5 (permalink)  
Old November 21st, 2006, 03:39 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Rob,

Glad it's all working. I'll try to answer your other questions below:

1. Not sure what caused that. The file could indeed have been locked, or maybe the changes weren't picked up yet.

2. SSPI indicates that the database is accessed with the credentials from the running process. This means the account used by the webserver (ASPNET or Network Service) needs permissions to the database. Without SSPI (also known as Integrated Security) you need to pass a user name and a password.

3. Don't know exactly, because I don't know what you tried. The AttachDbFilename option is meant to attach databases on the fly at run-time. This can conflict with databases that you already attached manually. Usually, you should stick to one of the two options: attach manually and use a different connection string, or attach at run-time. The latter option works good with SQL Express on the same machine, while the other also works with SQL Server on a different machine.

4. Yes, you can. Look into the CreateUserWizard controls: http://msdn2.microsoft.com/en-us/sys...serwizard.aspx
It fires a few events that you can handle to insert the user into a predefined set of roles if you want.

5. To make the sitemap take the roles attribute into account, you need to enable "security trimming" (http://msdn2.microsoft.com/en-us/lib...ngenabled.aspx) in your web.config file. Chapter 12 (The Wrox BugBase) of my book ASP.NET 2.0 Instant Results shows how this works. Here's a snippet from the web.config that shows you how to configure this:
Code:
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
  <providers>
    <add name="XmlSiteMapProvider"
      description="Default SiteMap provider."
      type="System.Web.XmlSiteMapProvider, 
                 System.Web, Version=2.0.3600.0, Culture=neutral, 
                 PublicKeyToken=b03f5f7f11d50a3a"
      siteMapFile="Web.sitemap"
      securityTrimmingEnabled="true" />
  </providers>
</siteMap>
Hope this helps,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #6 (permalink)  
Old November 21st, 2006, 05:27 AM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Imar,

Thanks. I was able to get the sitemappath working with the addition. At first, I was getting an error about a null reference, but realized I had put some default code to collapse the admin node. Well, with the trimming enabled and admin disabled, there was no admin to find. I'll have to add some customer code to only collapse if role=something or other--I'll play around with that.

The only thing I could use your help in clarifying is:

2. SSPI indicates that the database is accessed with the credentials from the running process. This means the account used by the webserver (ASPNET or Network Service) needs permissions to the database. Without SSPI (also known as Integrated Security) you need to pass a user name and a password.

I don't understand this as I have Integrated Security set to true (not SSPI). I am not passing it a username and password, in fact, the way I was understanding it was that with it set up this way, the ASPNET account needs access--thus the reason for making sure that ASPNET had access to the folder in security permissions (via right-clicking the folder).

I guess where I am getting confused is that I am running Int. Sec = True and it is working--and I am not passing username/pass. According to statement above--you make it sound like the opposite.

Where am I getting SSPI and TRUE mixed up? Again--I am using TRUE and works.

THANKS!
Rob

Reply With Quote
  #7 (permalink)  
Old November 21st, 2006, 06:44 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Rob,

Take a look here: http://www.connectionstrings.com/ under SQL Server 2005 | SqlConnection (.NET).

Basically, you can choose between:

Integrated Security=SSPI

and

Trusted_Connection=True

Both options do the same thing: run data access code under the process credentials. Not sure to what extend you can mix True and SSPI for the options involved though. But you can try out various combinations and see what works for you.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #8 (permalink)  
Old November 21st, 2006, 10:03 AM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Imar,

Mine is neither--consequently, when I do SSPI, I cannot connect.

I also checked the BugBase connection string--it uses the same Integrated Security:

Mine:

<connectionStrings>
        <remove name="LocalSqlServer" />
        <add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=true;AttachDBFilename=|DataDirectory|aspn etdb.mdf;User Instance=true"
            providerName="System.Data.SqlClient" />
    </connectionStrings>

Bug Base:

  <connectionStrings>
    <add name="BugBase" connectionString="Data Source=(local)\SqlExpress;AttachDbFilename=|DataDi rectory|\BugBase.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient" />
  </connectionStrings>

Not trying to argue--just confused.
Rob

Reply With Quote
  #9 (permalink)  
Old November 21st, 2006, 01:08 PM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Take a look here: http://msdn2.microsoft.com/en-us/lib...ionstring.aspx

According to the documentation, you can choose between Integrated Security and Trusted_Connection. Recognized values are "true, false, yes, no, and sspi (strongly recommended), which is equivalent to true."

So, it seems you can mix them.

If that doesn't work for you, just choose one that works. It all comes down to the same thing anyway.

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
Reply With Quote
  #10 (permalink)  
Old November 21st, 2006, 02:36 PM
Friend of Wrox
 
Join Date: Jul 2006
Location: olathe, ks, USA.
Posts: 238
Thanks: 0
Thanked 2 Times in 2 Posts
Send a message via MSN to rsearing
Default

Thank you Imar---what was strange is that I tried SSPI and it didnt work, then switched to True..and it did.

NOW..to prove me wrong..I just tried again using SSPI..and it worked. VERY ODD!

I'll just try researching more.

I really appreciate your help!

Kind Regards,
Rob

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ASPNET Account Missing Emperor Budik .NET Framework 2.0 0 November 7th, 2008 05:38 AM
User Accounts ASPNET.mdf pschulz ASP.NET 2.0 Basics 3 June 19th, 2008 12:41 PM
Migrating users¡¦ data into aspnet.mdf Caster BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 2 April 21st, 2007 10:18 AM
Chap. 1 - Adding ASPNET User Account to Directory cjo BOOK: Beginning ASP.NET 1.0 2 October 15th, 2003 05:55 PM



All times are GMT -4. The time now is 11:46 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.